a6d8c23237b097229e8e1444d2f8c996_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a6d8c23237b097229e8e1444d2f8c996_JaffaCakes118
Size

633KB
MD5

a6d8c23237b097229e8e1444d2f8c996
SHA1

96e24c07b68a264e5f73983b6b257ac09d7e1926
SHA256

9a61c863cde85ae6d14b288ff71c9372488f8047f2268be89fb67be02aaa8c41
SHA512

2dcae736a81520982d75041587f2b593e5881636a4041c072dcbe7ff48b9a93bef6ebd090d862ff1527a444e38b0cf1164cd050ec5056a349828804f1b71af43
SSDEEP

12288:mJ6wfACHVqRuOTh17Wcp4O8DkllW4V3x+F:Tw4uYuOjWE8DkllRh+F

Score

1^/10

Malware Config

Signatures

Files

a6d8c23237b097229e8e1444d2f8c996_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6ecb42d91bd75c2ee1f49aa870348533

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:39:91:73:ff:3c:fe:7e:2b:11:0a:41:ce:18:d4:a6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/09/2009, 00:00

Not After

08/09/2012, 23:59

Subject

CN=Jetico Inc. Oy,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Jetico Inc. Oy,L=Espoo,ST=Uusimaa,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:80:4e:11:bb:49:6b:d6:c6:3d:b3:04:b4:38:e3:59:df:f5:f5:c4
Signer

Actual PE Digest

a1:80:4e:11:bb:49:6b:d6:c6:3d:b3:04:b4:38:e3:59:df:f5:f5:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Add
ImageList_GetIcon
ImageList_Destroy
ImageList_Create

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW

kernel32

CreateSemaphoreA
ReleaseSemaphore
WideCharToMultiByte
MultiByteToWideChar
lstrcmpA
GetCurrentProcess
SetLastError
SetErrorMode
GetModuleFileNameW
GetDriveTypeA
CreateProcessW
CreateFileW
FindNextFileA
GlobalAlloc
GetModuleHandleA
FindFirstFileW
GetWindowsDirectoryW
GetFileAttributesA
GetCommandLineW
GetComputerNameA
GetExitCodeProcess
DeleteFileW
GetWindowsDirectoryA
GetVolumeInformationA
FindNextFileW
GetFileAttributesW
GetDriveTypeW
CreateProcessA
SetFileAttributesA
LoadLibraryExW
GetCommandLineA
GlobalFree
GetDiskFreeSpaceA
GetComputerNameW
FindFirstFileA
SetFileAttributesW
GetDiskFreeSpaceW
DeleteFileA
GetVolumeInformationW
GetConsoleMode
GetConsoleCP
InitializeCriticalSection
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
ExitProcess
HeapSize
LCMapStringW
LCMapStringA
RaiseException
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
GetCurrentThreadId
ExitThread
GetSystemTimeAsFileTime
LoadLibraryExA
TerminateThread
LoadResource
LockResource
FindResourceW
SizeofResource
FreeResource
FindResourceA
GetModuleFileNameA
SetFileTime
GetLocaleInfoA
WaitForSingleObject
GetExitCodeThread
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
DeviceIoControl
Sleep
LoadLibraryA
DefineDosDeviceA
GetLogicalDrives
CreateThread
GetVersionExA
GetProcAddress
FreeLibrary
FlushFileBuffers
ReadFile
SetFilePointer
FindClose
CloseHandle
GetFileSize
GetLastError
WriteFile
SetEndOfFile
GetVersion
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

DefWindowProcW
DefWindowProcA
CallWindowProcW
GetMenuStringW
DrawTextA
SetWindowTextW
CreateWindowExA
GetWindowTextLengthW
GetMessageW
RegisterClassA
GetMessageA
FindWindowW
PeekMessageA
MessageBoxW
GetMenuItemInfoA
GetWindowTextLengthA
LoadStringW
RegisterClassW
DispatchMessageW
GetMenuStringA
GetDesktopWindow
LoadCursorA
DestroyCursor
ShowWindow
GetMenuItemInfoW
GetWindowLongW
SetDlgItemTextA
SetWindowTextA
SetWindowLongW
GetDlgItemTextW
DrawTextW
SetDlgItemTextW
SendMessageW
CheckMenuItem
CreatePopupMenu
CreateMenu
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenu
GetMenuItemRect
DrawFrameControl
CallWindowProcA
FindWindowA
DispatchMessageA
GetWindowTextW
InsertMenuItemA
InsertMenuItemW
CreateWindowExW
GetDlgItemTextA
LoadStringA
SetCursor
TrackPopupMenuEx
PtInRect
ClientToScreen
MessageBoxA
GetClientRect
MoveWindow
IsIconic
RemoveMenu
BeginPaint
FillRect
SystemParametersInfoA
GetDC
DialogBoxIndirectParamW
GetSystemMetrics
GetSubMenu
EndPaint
SetWindowLongA
MapWindowPoints
GetWindowLongA
LoadMenuA
DestroyMenu
GetClassNameA
GetDlgCtrlID
DialogBoxParamA
GetSysColor
GetWindowRect
EnumChildWindows
DrawIcon
GetSysColorBrush
DeleteMenu
EnableMenuItem
GetCursorPos
EnableWindow
GetParent
EndDialog
SetFocus
SendMessageA
SetWindowPos
IsWindow
PostMessageA
DestroyIcon
LoadBitmapA
PostQuitMessage
GetDlgItem
LoadIconA
DestroyWindow
TranslateMessage
GetWindowTextA

gdi32

DeleteDC
BitBlt
CreateBitmap
CreateCompatibleDC
GetObjectA
CreateSolidBrush
SetBkMode
SelectObject
CreateFontIndirectA
SetTextColor
DeleteObject

comdlg32

GetOpenFileNameW
GetOpenFileNameA

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyA
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyW
RegQueryValueExA

shell32

ShellExecuteW
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHGetMalloc
Shell_NotifyIconA
ShellExecuteExW

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ecb42d91bd75c2ee1f49aa870348533

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

1d:39:91:73:ff:3c:fe:7e:2b:11:0a:41:ce:18:d4:a6Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

a1:80:4e:11:bb:49:6b:d6:c6:3d:b3:04:b4:38:e3:59:df:f5:f5:c4Signer

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 368KB - Virtual size: 368KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

1d:39:91:73:ff:3c:fe:7e:2b:11:0a:41:ce:18:d4:a6
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

a1:80:4e:11:bb:49:6b:d6:c6:3d:b3:04:b4:38:e3:59:df:f5:f5:c4
Signer

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 368KB - Virtual size: 368KB